Changeset 11858
- Timestamp:
- 02/15/2018 03:52:40 PM (7 years ago)
- Location:
- trunk/src
- Files:
-
- 9 edited
trunk/src/bp-core/bp-core-attachments.php
r11841 r11858 1190 1190 */ 1191 1191 function bp_attachments_cover_image_ajax_upload() { 1192 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD']) ) {1192 if ( ! bp_is_post_request() ) { 1193 1193 wp_die(); 1194 1194 } … … 1379 1379 */ 1380 1380 function bp_attachments_cover_image_ajax_delete() { 1381 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD']) ) {1381 if ( ! bp_is_post_request() ) { 1382 1382 wp_send_json_error(); 1383 1383 } -
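Review bot: Every replaced guard, starting with the two in `bp_attachments_cover_image_ajax_upload()` and `bp_attachments_cover_image_ajax_delete()`, now depends on `bp_is_post_request()`, whose definition is not part of this changeset, so equivalence with the old `'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] )` test cannot be checked from these hunks. It is worth confirming that the helper keeps the case-insensitive comparison and copes with `$_SERVER['REQUEST_METHOD']` being unset, and covering both cases with a unit test, since all nine edited files inherit its behaviour. Both function bodies continue outside the hunks.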
trunk/src/bp-core/bp-core-avatars.php
r11670 r11858 810 810 */ 811 811 function bp_avatar_ajax_delete() { 812 // Bail if not a POST action. 813 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) { 812 if ( ! bp_is_post_request() ) { 814 813 wp_send_json_error(); 815 814 } … … 953 952 */ 954 953 function bp_avatar_ajax_upload() { 955 // Bail if not a POST action. 956 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) { 954 if ( ! bp_is_post_request() ) { 957 955 wp_die(); 958 956 } … … 1238 1236 */ 1239 1237 function bp_avatar_ajax_set() { 1240 // Bail if not a POST action. 1241 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) { 1238 if ( ! bp_is_post_request() ) { 1242 1239 wp_send_json_error(); 1243 1240 } -
trunk/src/bp-settings/bp-settings-actions.php
r11705 r11858 28 28 */ 29 29 function bp_settings_action_general() { 30 31 // Bail if not a POST action. 32 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 33 return; 30 if ( ! bp_is_post_request() ) { 31 return; 32 } 34 33 35 34 // Bail if no submit action. 36 if ( ! isset( $_POST['submit'] ) ) 37 return; 35 if ( ! isset( $_POST['submit'] ) ) { 36 return; 37 } 38 38 39 39 // Bail if not in settings. 40 if ( ! bp_is_settings_component() || ! bp_is_current_action( 'general' ) ) 41 return; 40 if ( ! bp_is_settings_component() || ! bp_is_current_action( 'general' ) ) { 41 return; 42 } 42 43 43 44 // 404 if there are any additional action variables attached … … 260 261 */ 261 262 function bp_settings_action_notifications() { 262 263 // Bail if not a POST action. 264 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 265 return; 263 if ( ! bp_is_post_request() ) { 264 return; 265 } 266 266 267 267 // Bail if no submit action. 268 if ( ! isset( $_POST['submit'] ) ) 269 return; 268 if ( ! isset( $_POST['submit'] ) ) { 269 return; 270 } 270 271 271 272 // Bail if not in settings. 272 if ( ! bp_is_settings_component() || ! bp_is_current_action( 'notifications' ) ) 273 if ( ! bp_is_settings_component() || ! bp_is_current_action( 'notifications' ) ) { 273 274 return false; 275 } 274 276 275 277 // 404 if there are any additional action variables attached … … 307 309 */ 308 310 function bp_settings_action_capabilities() { 309 310 // Bail if not a POST action. 311 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 312 return; 311 if ( ! bp_is_post_request() ) { 312 return; 313 } 313 314 314 315 // Bail if no submit action. 315 if ( ! isset( $_POST['capabilities-submit'] ) ) 316 return; 316 if ( ! isset( $_POST['capabilities-submit'] ) ) { 317 return; 318 } 317 319 318 320 // Bail if not in settings. 319 if ( ! bp_is_settings_component() || ! bp_is_current_action( 'capabilities' ) ) 321 if ( ! bp_is_settings_component() || ! 
bp_is_current_action( 'capabilities' ) ) { 320 322 return false; 323 } 321 324 322 325 // 404 if there are any additional action variables attached … … 381 384 */ 382 385 function bp_settings_action_delete_account() { 383 384 // Bail if not a POST action. 385 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 386 return; 386 if ( ! bp_is_post_request() ) { 387 return; 388 } 387 389 388 390 // Bail if no submit action. 389 if ( ! isset( $_POST['delete-account-understand'] ) ) 390 return; 391 if ( ! isset( $_POST['delete-account-understand'] ) ) { 392 return; 393 } 391 394 392 395 // Bail if not in settings. 393 if ( ! bp_is_settings_component() || ! bp_is_current_action( 'delete-account' ) ) 396 if ( ! bp_is_settings_component() || ! bp_is_current_action( 'delete-account' ) ) { 394 397 return false; 398 } 395 399 396 400 // 404 if there are any additional action variables attached -
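Review bot: The "Bail if not in settings" guards in `bp_settings_action_notifications()`, `bp_settings_action_capabilities()` and `bp_settings_action_delete_account()` still end in `return false;`, while every other early exit in these functions, and the same guard in `bp_settings_action_general()`, uses a bare `return;`. Since the commit already rewrites those lines to add braces, I would normalise them to `return;` unless a caller relies on the `false`, which is not visible here. The function bodies continue outside the hunks.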
trunk/src/bp-templates/bp-legacy/buddypress-functions.php
r11821 r11858 780 780 */ 781 781 function bp_legacy_theme_object_template_loader() { 782 // Bail if not a POST action.783 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )784 return;782 if ( ! bp_is_post_request() ) { 783 return; 784 } 785 785 786 786 // Bail if no object passed. 787 if ( empty( $_POST['object'] ) ) 788 return; 787 if ( empty( $_POST['object'] ) ) { 788 return; 789 } 789 790 790 791 // Sanitize the object. … … 792 793 793 794 // Bail if object is not an active component to prevent arbitrary file inclusion. 794 if ( ! bp_is_active( $object ) ) 795 return; 795 if ( ! bp_is_active( $object ) ) { 796 return; 797 } 796 798 797 799 /** … … 860 862 */ 861 863 function bp_legacy_theme_activity_template_loader() { 862 // Bail if not a POST action.863 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )864 return;864 if ( ! bp_is_post_request() ) { 865 return; 866 } 865 867 866 868 $scope = ''; … … 921 923 $bp = buddypress(); 922 924 923 // Bail if not a POST action.924 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )925 return;925 if ( ! bp_is_post_request() ) { 926 return; 927 } 926 928 927 929 // Check the nonce. … … 1010 1012 $bp = buddypress(); 1011 1013 1012 // Bail if not a POST action. 1013 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) { 1014 if ( ! bp_is_post_request() ) { 1014 1015 return; 1015 1016 } … … 1079 1080 */ 1080 1081 function bp_legacy_theme_delete_activity() { 1081 // Bail if not a POST action.1082 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )1083 return;1082 if ( ! bp_is_post_request() ) { 1083 return; 1084 } 1084 1085 1085 1086 // Check the nonce. … … 1117 1118 */ 1118 1119 function bp_legacy_theme_delete_activity_comment() { 1119 // Bail if not a POST action.1120 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )1121 return;1120 if ( ! bp_is_post_request() ) { 1121 return; 1122 } 1122 1123 1123 1124 // Check the nonce. 
… … 1159 1160 $bp = buddypress(); 1160 1161 1161 // Bail if not a POST action.1162 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )1163 return;1162 if ( ! bp_is_post_request() ) { 1163 return; 1164 } 1164 1165 1165 1166 // Check that user is logged in, Activity Streams are enabled, and Akismet is present. … … 1204 1205 function bp_legacy_theme_mark_activity_favorite() { 1205 1206 // Bail if not a POST action. 1206 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 1207 return; 1207 if ( ! bp_is_post_request() ) { 1208 return; 1209 } 1208 1210 1209 1211 if ( ! isset( $_POST['nonce'] ) ) { … … 1233 1235 */ 1234 1236 function bp_legacy_theme_unmark_activity_favorite() { 1235 // Bail if not a POST action.1236 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )1237 return;1237 if ( ! bp_is_post_request() ) { 1238 return; 1239 } 1238 1240 1239 1241 if ( ! isset( $_POST['nonce'] ) ) { … … 1264 1266 */ 1265 1267 function bp_legacy_theme_get_single_activity_content() { 1266 // Bail if not a POST action.1267 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )1268 return;1268 if ( ! bp_is_post_request() ) { 1269 return; 1270 } 1269 1271 1270 1272 $activity_array = bp_activity_get_specific( array( … … 1304 1306 */ 1305 1307 function bp_legacy_theme_ajax_invite_user() { 1306 // Bail if not a POST action.1307 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )1308 return;1308 if ( ! bp_is_post_request() ) { 1309 return; 1310 } 1309 1311 1310 1312 check_ajax_referer( 'groups_invite_uninvite_user' ); … … 1387 1389 */ 1388 1390 function bp_legacy_theme_ajax_addremove_friend() { 1389 1390 // Bail if not a POST action. 1391 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 1392 return; 1391 if ( ! bp_is_post_request() ) { 1392 return; 1393 } 1393 1394 1394 1395 // Cast fid as an integer. 
… … 1441 1442 */ 1442 1443 function bp_legacy_theme_ajax_accept_friendship() { 1443 // Bail if not a POST action.1444 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )1445 return;1444 if ( ! bp_is_post_request() ) { 1445 return; 1446 } 1446 1447 1447 1448 check_admin_referer( 'friends_accept_friendship' ); … … 1461 1462 */ 1462 1463 function bp_legacy_theme_ajax_reject_friendship() { 1463 // Bail if not a POST action.1464 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )1465 return;1464 if ( ! bp_is_post_request() ) { 1465 return; 1466 } 1466 1467 1467 1468 check_admin_referer( 'friends_reject_friendship' ); … … 1481 1482 */ 1482 1483 function bp_legacy_theme_ajax_joinleave_group() { 1483 // Bail if not a POST action.1484 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )1485 return;1484 if ( ! bp_is_post_request() ) { 1485 return; 1486 } 1486 1487 1487 1488 // Cast gid as integer. … … 1552 1553 */ 1553 1554 function bp_legacy_theme_ajax_close_notice() { 1554 // Bail if not a POST action.1555 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )1556 return;1555 if ( ! bp_is_post_request() ) { 1556 return; 1557 } 1557 1558 1558 1559 $nonce_check = isset( $_POST['nonce'] ) && wp_verify_nonce( wp_unslash( $_POST['nonce'] ), 'bp_messages_close_notice' ); … … 1584 1585 */ 1585 1586 function bp_legacy_theme_ajax_messages_send_reply() { 1586 // Bail if not a POST action.1587 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )1588 return;1587 if ( ! bp_is_post_request() ) { 1588 return; 1589 } 1589 1590 1590 1591 check_ajax_referer( 'messages_send_message' ); -
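Review bot: The `// Bail if not a POST action.` comment is dropped from every handler in this file except `bp_legacy_theme_mark_activity_favorite()`, where it survives as a context line; the later hunks for bp-nouveau/includes/activity/ajax.php show the same mix. Pick one form, and if a comment stays it is more useful saying what the gate is not, e.g. `// Method gate only; the nonce check below is the CSRF control.` In `bp_legacy_theme_ajax_addremove_friend()`, `bp_legacy_theme_ajax_joinleave_group()` and `bp_legacy_theme_get_single_activity_content()` the lines visible after the gate show no nonce verification. The bodies continue outside the hunks, so the check may happen further down, but it is worth confirming for the two state-changing handlers.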
trunk/src/bp-templates/bp-nouveau/includes/activity/ajax.php
r11856 r11858 86 86 */ 87 87 function bp_nouveau_ajax_mark_activity_favorite() { 88 // Bail if not a POST action. 89 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) { 88 if ( ! bp_is_post_request() ) { 90 89 wp_send_json_error(); 91 90 } … … 127 126 */ 128 127 function bp_nouveau_ajax_unmark_activity_favorite() { 129 // Bail if not a POST action. 130 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) { 128 if ( ! bp_is_post_request() ) { 131 129 wp_send_json_error(); 132 130 } … … 164 162 */ 165 163 function bp_nouveau_ajax_clear_new_mentions() { 166 // Bail if not a POST action. 167 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) { 164 if ( ! bp_is_post_request() ) { 168 165 wp_send_json_error(); 169 166 } … … 194 191 195 192 // Bail if not a POST action. 196 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD']) ) {193 if ( ! bp_is_post_request() ) { 197 194 wp_send_json_error( $response ); 198 195 } … … 266 263 267 264 // Bail if not a POST action. 268 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD']) ) {265 if ( ! bp_is_post_request() ) { 269 266 wp_send_json_error( $response ); 270 267 } … … 327 324 328 325 // Bail if not a POST action. 329 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD']) ) {326 if ( ! bp_is_post_request() ) { 330 327 wp_send_json_error( $response ); 331 328 } … … 564 561 565 562 // Bail if not a POST action. 566 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD']) ) {563 if ( ! bp_is_post_request() ) { 567 564 wp_send_json_error( $response ); 568 565 } -
trunk/src/bp-templates/bp-nouveau/includes/ajax.php
r11855 r11858 16 16 */ 17 17 function bp_nouveau_ajax_object_template_loader() { 18 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD']) ) {18 if ( ! bp_is_post_request() ) { 19 19 wp_send_json_error(); 20 20 } -
trunk/src/bp-templates/bp-nouveau/includes/friends/ajax.php
r11856 r11858 63 63 64 64 // Bail if not a POST action. 65 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD']) ) {65 if ( ! bp_is_post_request() ) { 66 66 wp_send_json_error( $response ); 67 67 } -
trunk/src/bp-templates/bp-nouveau/includes/groups/ajax.php
r11856 r11858 40 40 41 41 // Bail if not a POST action. 42 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD']) || empty( $_POST['action'] ) ) {42 if ( ! bp_is_post_request() || empty( $_POST['action'] ) ) { 43 43 wp_send_json_error( $response ); 44 44 } -
trunk/src/bp-xprofile/bp-xprofile-actions.php
r10825 r11858 55 55 56 56 // Bail if not a POST action. 57 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD']) ) {57 if ( ! bp_is_post_request() ) { 58 58 return; 59 59 }